VMware Cloud Community
TheVMinator

Add VM to a Port Mirroring Session

I need every VM added to a given folder in vCenter to be added to an existing distributed switch port mirroring session.  Is this possible using PowerCLI?

TheVMinator

Anyone?

TheVMinator

(O LucD wherefore art thou)?

LucD

I'll have a look how this could be done, hold on.



LucD

The following will add the VM ($vmName) to a specific port mirroring session ($mirrorSessionName) on a distributed switch ($dvSwName).

You can define the traffic direction(s) for which the VM needs to be added with the variables $Ingress and $Egress.

Note that there isn't any error checking in the script.

For example, if the mirror session does not exist, the script will fail without an informative message.

To repeat this script for all VMs in a specific folder should not be too difficult, I assume?

# Distributed switch, mirror session and VM to work on
$dvSwName = 'dvSw1'
$mirrorSessionName = 'Test'
$vmName = 'VM2'
# Traffic direction(s) for which the VM is added to the session
$Ingress = $false
$Egress = $true

$dvSw = Get-VDSwitch -Name $dvSwName
$vm = Get-VM -Name $vmName
# Select the vNIC(s) of the VM that are backed by a distributed virtual port
$vmNic = $vm.ExtensionData.Config.Hardware.Device |
    where{$_.Backing -is [VMware.Vim.VirtualEthernetCardDistributedVirtualPortBackingInfo]}

$spec = New-Object VMware.Vim.VMwareDVSConfigSpec
foreach($mirrorSession in $dvSw.ExtensionData.Config.VspanSession){
    if($mirrorSession.Name -eq $mirrorSessionName){
        # Edit the existing session instead of creating a new one
        $vspan = New-Object VMware.Vim.VMwareDVSVspanConfigSpec
        $vspan.Operation = [VMware.Vim.ConfigSpecOperation]::edit
        # Add the port key to the ingress sources, unless it is already there
        $vmInRc = $mirrorSession.SourcePortReceived | where{$_.PortKey -contains $vmNic.Backing.Port.PortKey}
        if($Ingress -and !$vmInRc){
            $mirrorSession.SourcePortReceived.PortKey += $vmNic.Backing.Port.PortKey
        }
        # Add the port key to the egress sources, unless it is already there
        $vmInTx = $mirrorSession.SourcePortTransmitted | where{$_.PortKey -contains $vmNic.Backing.Port.PortKey}
        if($Egress -and !$vmInTx){
            $mirrorSession.SourcePortTransmitted.PortKey += $vmNic.Backing.Port.PortKey
        }
        $vspan.vspanSession = $mirrorSession
        $spec.vspanConfigSpec += $vspan
    }
}
# The reconfigure call requires the switch's current configuration version
$spec.ConfigVersion = $dvSw.ExtensionData.Config.ConfigVersion
$dvSw.ExtensionData.ReconfigureDvs($spec)



TheVMinator

This is great - thanks a million!

mhops

Would it be possible through this approach to add just a specific vNIC of a VM that has 2 or more vNICs?

In my scenario, I have 1 Firewall VM that has 4 vNICs configured and I would like to add just one of them. With the provided code, I was able to add all the vNICs on the vspanSession at once.

I have been trying to implement something like that but with no success:

The condition to select the single vNIC in the VM could be based on either:

  • the device number (for example the vNIC 1)
    or
  • the network port group the vNIC is connected to (for example PortGroup VLAN 100)


That seems possible?

Thanks a lot 🙂

LucD

To use the Portgroup, you could do something like this

$vmNic = (Get-NetworkAdapter -VM $vm | where{$_.NetworkName -eq '<your-portgroup-name>'}).ExtensionData

To use the vNIC label, you can use the same logic as in https://communities.vmware.com/t5/VMware-PowerCLI-Discussions/Remove-Port-Mirroring/td-p/2250195/jum... 


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference
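
An added example, not code from the thread or its authors: it applies the accepted script to every VM in a folder, with the error checks the answer notes are missing and the optional portgroup filter from the last reply. It assumes an active Connect-VIServer session; the folder name 'Monitored' and the helper Merge-PortKeys are hypothetical, and 'dvSw1' and 'Test' are the thread's sample values.

```powershell
# Added example, not LucD's code. Assumes an active Connect-VIServer session.
# 'dvSw1' and 'Test' are the thread's sample values; 'Monitored' is a hypothetical folder.
$dvSwName          = 'dvSw1'
$mirrorSessionName = 'Test'
$folderName        = 'Monitored'
$portgroupName     = $null      # set to a portgroup name to mirror only vNICs on it
$Ingress           = $false
$Egress            = $true

# Hypothetical helper: add only the missing keys, creating the port list if absent
function Merge-PortKeys($existing, $new) {
    if (-not $existing) { $existing = New-Object VMware.Vim.VMwareVspanPort }
    $existing.PortKey = [string[]]@(@($existing.PortKey) + @($new) |
        Where-Object { $_ } | Select-Object -Unique)
    $existing
}

$dvSw    = Get-VDSwitch -Name $dvSwName -ErrorAction Stop
$session = $dvSw.ExtensionData.Config.VspanSession |
    Where-Object { $_.Name -eq $mirrorSessionName }
if (-not $session) { throw "Mirror session '$mirrorSessionName' not found on '$dvSwName'" }

# Port keys of the selected vNICs, restricted to ports on this switch.
# -NoRecursion limits the scope to the folder itself, not its subfolders.
$folder = Get-Folder -Name $folderName -Type VM -ErrorAction Stop
$keys = Get-VM -Location $folder -NoRecursion | Get-NetworkAdapter |
    Where-Object { -not $portgroupName -or $_.NetworkName -eq $portgroupName } |
    ForEach-Object { $_.ExtensionData.Backing } |
    Where-Object { $_ -is [VMware.Vim.VirtualEthernetCardDistributedVirtualPortBackingInfo] -and
                   $_.Port.SwitchUuid -eq $dvSw.ExtensionData.Uuid -and $_.Port.PortKey } |
    ForEach-Object { $_.Port.PortKey }
if (-not $keys) { throw "No matching vNIC ports found in folder '$folderName'" }

if ($Ingress) { $session.SourcePortReceived    = Merge-PortKeys $session.SourcePortReceived $keys }
if ($Egress)  { $session.SourcePortTransmitted = Merge-PortKeys $session.SourcePortTransmitted $keys }

$vspan = New-Object VMware.Vim.VMwareDVSVspanConfigSpec
$vspan.Operation    = [VMware.Vim.ConfigSpecOperation]::edit
$vspan.VspanSession = $session
$spec = New-Object VMware.Vim.VMwareDVSConfigSpec
$spec.ConfigVersion   = $dvSw.ExtensionData.Config.ConfigVersion
$spec.VspanConfigSpec = @($vspan)
$dvSw.ExtensionData.ReconfigureDvs($spec)

# Record which ports were submitted; their traffic is now copied to the mirror destination
"Submitted $(@($keys).Count) port key(s) to session '$mirrorSessionName': $($keys -join ', ')"
```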